Vulnerabilities > Apple > Iphone OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-09-18 | CVE-2014-4423 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | 4.3 |
| 2014-09-18 | CVE-2014-4422 | Cryptographic Issues vulnerability in Apple Iphone OS and Tvos The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | 6.8 |
| 2014-09-18 | CVE-2014-4415 | Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4414 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4413 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4412 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4411 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4410 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2. | 6.8 |
| 2014-09-18 | CVE-2014-4409 | Information Exposure vulnerability in Apple Iphone OS WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. | 4.3 |
| 2014-09-18 | CVE-2014-4408 | Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | 6.9 |